Commit Graph

10832 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan 0d0ca075a6
Revert "DEV: Improve performance of system tests by disabling GPU in chrome (#21882)" (#21888)
This reverts commit 128d67ba56.

Doesn't seem to have any impact on CI
2023-06-01 22:05:04 +08:00
Alan Guo Xiang Tan 128d67ba56
DEV: Improve performance of system tests by disabling GPU in chrome (#21882)
It seems like the overhead of GPU acceleration is not worth it and is
slowing down our system tests. Locally the following command completes
in `2 minutes 8.6 seconds` with GPU disabled as compared to `2 minutes 45.4 seconds` with GPU enabled.
2023-06-01 16:59:20 +08:00
Alan Guo Xiang Tan 0494157452
DEV: Fix flaky test (#21880)
```
  1) TopicsFilter#filter_from_query_string ordering topics filter when ordering topics by creation date when query string is `order:created-invalid` should return topics ordered by the default order
     Failure/Error:
       expect(
         TopicsFilter
           .new(guardian: Guardian.new)
           .filter_from_query_string("order:#{order}-invalid")
           .pluck(:id),
       ).to eq(Topic.all.order(:id).pluck(:id))

       expected: [484, 485, 486]
            got: [486, 484, 485]
```
2023-06-01 15:47:33 +08:00
锦心 96a2893284
FEATURE: Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post (#21853)
Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post
2023-06-01 11:32:05 +08:00
Osama Sayegh c2fcd55a80
FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales (#21876)
Prior to this commit, we didn't have RTL versions of our admin and plugins CSS bundles and we always served LTR versions of those bundles even when users used an RTL locale, causing admin and plugins UI elements to never look as good as when an LTR locale was used. Example of UI issues prior to this commit were: missing margins, borders on the wrong side and buttons too close to each other etc.

This commit creates an RTL version for the admin CSS bundle as well as RTL bundles for all the installed plugins and serves those RTL bundles to users/sites who use RTL locales.
2023-06-01 05:27:11 +03:00
Sam c2332d7505
FEATURE: reduce avatar sizes to 6 from 20 (#21319)
* FEATURE: reduce avatar sizes to 6 from 20

This PR introduces 3 changes:

1. SiteSetting.avatar_sizes, now does what is says on the tin.
previously it would introduce a large number of extra sizes, to allow for
various DPIs. Instead we now trust the admin with the size list.

2. When `avatar_sizes` changes, we ensure consistency and remove resized
avatars that are not longer allowed per site setting. This happens on the
12 hourly job and limited out of the box to 20k cleanups per cycle, given
this may reach out to AWS 20k times to remove things.

3.Our default avatar sizes are now "24|48|72|96|144|288" these sizes were
very specifically picked to limit amount of bluriness introduced by webkit.
Our avatars are already blurry due to 1px border, so this corrects old blur.

This change heavily reduces storage required by forums which simplifies
site moves and more.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-06-01 10:00:01 +10:00
Vinoth Kannan d4bfd441ba
FEATURE: display PM participant group names in the topics list. (#21677)
After this change, we can view all participant group names on the topic list page.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2023-05-31 19:32:06 +05:30
Alan Guo Xiang Tan c01580298e
Revert "PERF: Client side triggering multiple requests when opening composer (#21823)" (#21858)
This reverts commit e1ba4c6b73.

Tests are flaky
2023-05-31 21:18:45 +08:00
Alan Guo Xiang Tan 4dd053a69c
DEV: Call `MessageBus.stop()` after each system test (#21848)
## What is the problem?

MessageBus by default uses long polling which keeps a connection
open for 25 seconds by default. The problem here is that Capybara does not know about these
connections being kept opened by MessageBus and hence does not know how
to stop these connections at the end of each test. As a result, the long polling MessageBus connections are kept opened by the browser and we hit chrome's limit of 6 concurrent requests per host, new request made in the browser is marked as "pending" until a request is freed up. Since we keep a MessageBus long polling connection opened for 25 seconds, our finders in Capybara end up hitting Capybara's wait time out causing the tests to fail.  

## What is the fix?

Since we can't rely on Capybara to close all the existing Capybara
connections, we manually execute a script to stop all MessageBus
connections after each system test.

```
for i in {1..10}; do
  echo "Running iteration $i"
  PARALLEL_TEST_PROCESSORS=8 CAPYBARA_DEFAULT_MAX_WAIT_TIME=10 bin/turbo_rspec --seed=34908 --profile --verbose --format documentation spec/system
  if [ $? -ne 0 ]; then
    echo "Error encountered on iteration $i"
    exit 1
  fi
done
echo "All 10 iterations completed successfully"
```

Without the fix, the script fails consistently in the first few iterations. Running in non-headless mode with the "network" tab opened will reveal the requests that are marked as pending.
2023-05-31 21:00:35 +08:00
Alan Guo Xiang Tan e1ba4c6b73
PERF: Client side triggering multiple requests when opening composer (#21823)
What is the problem?

There are two problems being fixed here:

1. When opening the composer, we are seeing multiple requests made to
   the `/composer_messages` endpoint. This is due to our use of the
   `transitionend` event on the `#reply-control` element. The event is
   fired once for each transition event and the `#reply-control` element
   has multiple transition events.

2. System tests have animations disabled so the `transitionend` event
   does not fire at all.

What is the solution?

Instead of relying on the `transitionend` event, we can instead just
observer the `composerState` property of the `ComposerBody` component
and trigger the `composer:opened` appEvent with a delay that is similar
to the transition duration used for the `ComposerBody` component.
2023-05-31 20:58:45 +08:00
Jarek Radosz 5f1e182956
DEV: Remove deprecated posts/:username/flagged (#21846) 2023-05-31 13:00:35 +02:00
Alan Guo Xiang Tan 83af25179d
DEV: Avoid waiting full capybara default wait time (#21842)
Avoid using negated matchers with custom RSpec matchers that rely on
`has_css?` as it'll result in Capybara waiting the full default wait
time.
2023-05-31 07:00:16 +08:00
Alan Guo Xiang Tan e3e7b080c6
DEV: Disable splash screen in system tests (#21840)
Why is this change required?

We had a system test failed right after visiting a URL because an
element that was supposed to be on screen isn't. In the screenshot
captured, the app was still stuck on the splash screen. We're not sure
if this has been causing flakiness in our system tests but there is no
good reason to enable splash screen which adds some overhead to each
page load.
2023-05-31 06:16:22 +08:00
Sérgio Saquetim 908117e270
DEV: Added modifier hooks to allow plugins to tweak how categories and groups are fetched (#21837)
This commit adds modifiers that allow plugins to change how categories and groups are prefetched into the application and listed in the respective controllers.

Possible use cases:

- prevent some categories/groups from being prefetched when the application loads for performance reasons.
- prevent some categories/groups from being listed in their respective index pages.
2023-05-30 18:41:50 -03:00
Keegan George 3a54f81bf4
DEV: Skip flaky form template spec (#21838) 2023-05-30 13:55:03 -07:00
Keegan George 856c4ed295
DEV: Remove skipped form template system spec (#21832)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-05-30 20:37:32 +02:00
Jarek Radosz 3569a48b2d
DEV: Rescue the timeout error for a better spec cleanup (#21826)
Rescuing them still makes timing-out tests fail but doesn't break `after` spec cleanup (which could trigger more errors) Using custom error class to avoid any other possible timeout-catching code.

Also:
* remove an unnecessary `.select { |x| x.size > 0 }`
* fix a typo in a test title
2023-05-30 19:14:54 +02:00
Keegan George 093552bc84
DEV: Remove setting explicit `id` on Fabricated property (#21831) 2023-05-30 09:34:01 -07:00
Alan Guo Xiang Tan deda61b3a4
DEV: Temporarily skip system test that fails with animations disabled (#21824) 2023-05-30 16:33:06 +08:00
Alan Guo Xiang Tan b00edf3ea0 DEV: Add `--profile=[COUNT]` option for `turbo_rspec`
Why is this change required?

By default, `RSpec` comes with a `--profile=[COUNT]` option as well but
enabling that option means that the entire test suite needs to be
executed. This does not work so well for `turbo_rspec` which splits our
test files into various "buckets" for the tests to be executed in
multiple processes. Therefore, this commit adds a similar
`--profile=[COUNT]` option to `turbo_rspec` but will only profile the
tests being executed. Examples:

`LOAD_PLUGINS=1 bin/turbo_rspec --profile plugins/*/spec/system`

or

`LOAD_PLUGINS=1 bin/turbo_rspec --profile=20 plugins/*/spec/system`
2023-05-30 13:46:14 +09:00
Alan Guo Xiang Tan b580f04d34
DEV: Disable animation in system tests (#21821)
What is this change?

This change is an attempt to avoid flakiness in our tests due to
animations being enabled in our tests. An example of flakiness caused by
animations is when the `find(selector).click` pattern is used. When
`find(selector)` returns the node, its position may have changed if the
element is still moving. However, the `click` method will end up
clicking on the old position.

Either way, there is no need for us to make system tests even more
complicated by enabling animations.
2023-05-30 12:45:24 +08:00
Keegan George c74c90bae5
DEV: Show form templates in the composer (#21190) 2023-05-29 14:47:18 -07:00
Joffrey JAFFEUX 9321299caa
DEV: uses select-kit component for interface spec (#21790) 2023-05-29 10:48:59 +02:00
Alan Guo Xiang Tan 8a9d3b3eed
DEV: Skip flaky system tests on CI (#undefined) 2023-05-29 15:03:49 +08:00
Alan Guo Xiang Tan 7fdede9f0f
DEV: Speed up slow system tests (#21803)
What is the problem?

Prior to this change, we had a `has_css?(context + ":not(.is-expanded)"`
check when using the select-kit component page object. The problem here
is that this check will end up waiting the full capybara default wait
time if the select-kit has already been expanded. It turns out that we
were calling this check alot of times when the select-kit has already
been expanded resulting in many tests waiting the full default wait
time.

What is the fix?

The fix here is to specify the `wait: 0` option such that we do not wait
and fundamentally, there is no need for us to wait at all here.
2023-05-29 13:31:02 +08:00
Krzysztof Kotlarek 9f78ff5572
FEATURE: modal for admins to edit Community section (#21668)
Allow admins to edit Community section. This includes drag and drop reorder, change names, delete and reset to default.

Visual improvements introduced in edit community section modal are available in edit custom section form as well. For example:
- drag and drop links to change their position;
- smaller icon picker.
2023-05-29 15:20:23 +10:00
Alan Guo Xiang Tan 7d9a823a55
DEV: Fix flaky user preferences interface system test (#21800)
Why is this change required?

The flaky system test was due to the fact that we had to poll for the
user preferences interface page to reload after saving. However, this
turns out to be a bug on the user perferences interface page because the
page should only reload if the user has selected a new theme that is
different from the site's default but we were reloading the page for
users that did not have any user theme selected. Therefore there was an
unnecessary reload happening when saving other fields on the user
preferences interface page.
2023-05-29 11:56:21 +08:00
Joffrey JAFFEUX 9392bd0f79
DEV: fix tag synonyms flakey specs (#21787)
The fix use the SelectKit component in the spec and improves reliability of SelectKit component to ensure expanded/collapsed state effectively set/present.

Multiple lines have also been removed as they are not necessary, eg: 

- check button is present
- click button

The check is un-necesssary as we won't find the button on click if not present. This kind of checks are only necessary when another element has to be present before the button is show, eg:

- check modal is displayed
- click button

FInally this commit changes the way the SelectKit component initializes component and now uses a css selector instead of a finder, it ensures we are always getting fresh object and allows to build complete selectors: ".context[data-id=1].foo:enabled"
2023-05-28 15:35:55 +02:00
Joffrey JAFFEUX 4303d4711f
DEV: prevents flakey in autocomplete hashtag (#21786)
Watching screenshots of failures it appears that sometimes the reply was stuck at: `this is a #` due to the autocomplete showing, given we only need to send a reply here? I think fill_in + click send should be more reliable here.

Note I also tweaked `send_reply` to accept a content param and use it to fill composer when given.
2023-05-28 14:17:39 +02:00
Joffrey JAFFEUX 885ab7c7bb
DEV: allows to open chrome tools by default (#21778)
Usage:

```
CHROME_DEV_TOOLS=bottom  bundle exec rspec /path/to/system/spec
```

This commit also regroups common chrome options under `apply_base_chrome_options`, and removes the size of the mobile window which was incorrect. browser_log param is also passed to mobile chrome options.
2023-05-28 14:16:38 +02:00
Joffrey JAFFEUX 71330961dc
DEV: more reliable toggle_setting spec helper (#21779)
Page settings can be very long and the setting can be way out of viewport. This should ensure the setting can be found and clicked.

This was for example causing this flakey in discourse-topic-voting:

```
Failures:

  1) Voting enables voting in category topics and votes
     Failure/Error: find(".edit-category-tab .#{setting} label.checkbox-label", text: text).click

     Capybara::ElementNotFound:
       Unable to find css ".edit-category-tab .enable-topic-voting label.checkbox-label"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_voting_enables_voting_in_category_topics_and_votes_873.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31341/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/category.rb:34:in `toggle_setting'
     # ./plugins/discourse-topic-voting/spec/system/voting_spec.rb:39:in `block (2 levels) in <main>'
     # ./spec/rails_helper.rb:368:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:364:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'

Finished in 7 minutes 18 seconds (files took 0 seconds to load)
445 examples, 1 failure, 17 pending, 1 error occurred outside of examples

Failed examples:

rspec ./plugins/discourse-topic-voting/spec/system/voting_spec.rb:27 # Voting enables voting in category topics and votes
```
2023-05-28 14:15:10 +02:00
Joffrey JAFFEUX 8d5e3e1cf4
DEV: ensures preview button is enabled (#21780)
In tests we could attempt to click the preview button when it was not enabled yet, causing a noop and a future failure. This fix ensures we try to find (and wait) for an enabled button.

This should help with this specific flakey:

```
Failures:

  1) Admin Customize Form Templates when visiting the page to create a new form template should render all the input field types in the preview
     Failure/Error: find(".form-template-field__#{type}").present?

     Capybara::ElementNotFound:
       Unable to find css ".form-template-field__input"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_admin_customize_form_templates_when_visiting_the_page_to_create_a_new_form_template_should_render_all_the_input_field_types_in_the_preview_277.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31339/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/form_template.rb:55:in `has_input_field?'
     # ./spec/system/admin_customize_form_templates_spec.rb:114:in `block (3 levels) in <main>'
     # ./spec/rails_helper.rb:368:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:364:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-05-28 14:15:02 +02:00
Joffrey JAFFEUX 5c05361587
DEV: ensures save button is visible and enabled (#21781)
In tests we could attempt to click the button before it was enabled and it could also not be visible on screen. This commits attempts to solve both problems.

It should solve this failure:

```
Failures:

  1) Admin Customize Form Templates when visiting the page to create a new form template should allow admin to create a new form template
     Failure/Error: find(".form-templates__table tbody tr td", text: name).present?

     Capybara::ElementNotFound:
       Unable to find css ".form-templates__table tbody tr td"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_admin_customize_form_templates_when_visiting_the_page_to_create_a_new_form_template_should_allow_admin_to_create_a_new_form_template_911.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31339/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/form_template.rb:21:in `has_form_template?'
     # ./spec/system/admin_customize_form_templates_spec.rb:71:in `block (3 levels) in <main>'
     # ./spec/rails_helper.rb:381:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:377:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:369:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-05-28 14:14:25 +02:00
Alan Guo Xiang Tan dab37c1a5a
DEV: Run tests with new chrome headless (#21684)
New headless shares the same implementation as the chrome browser
instead of being a separate implementation of its own.

See https://developer.chrome.com/articles/new-headless/ for more
details

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2023-05-26 11:02:56 +02:00
Osama Sayegh bb3c05ba0e
DEV: Allow plugins to hook into user preferences update process on the server (#21737)
This commit introduces a new `within_user_updater_transaction` event that's triggered inside the transaction that saves user updates in `UserUpdater`. Plugins can hook into the transaction using the event to include custom changes in the transaction. Callbacks for this event receive 2 arguments:

1. the user being saved
2. the changed attributes that are passed to `UserUpdater`.

There's also new modifier in this commit called `users_controller_update_user_params` to allow plugins to allowlist custom params in the `UsersController` which eventually end up getting passed as attributes to the `UserUpdater` and the new `within_user_updater_transaction` event where they can be used to perform additional updates using the custom params.

-----

New API is used in https://github.com/discourse/discourse-mailinglist-integration/pull/1.
2023-05-26 03:26:38 +03:00
Renato Atilio c539f749f1
FEATURE: support for chronologically merging posts into existing topic (#21374)
When a user chooses to move a topic/message to an existing topic/message, they can now opt to merge the posts chronologically (using a checkbox in the UI).
2023-05-25 14:38:34 -04:00
Sérgio Saquetim 6a65fa982d
FIX: Include more_topic_url in the response to /categories_and_{latest, top} (#21738)
The field more_topic_url is already included in the response preloaded in categories#index

However this field was missing if a request was subsequently made to update the page using
the end-points /categories_and_latest or /categories_and_top. This could lead the client
app to display incorrect information if it relied on this information to update the UI.
2023-05-25 15:24:48 -03:00
Jarek Radosz 036e27e69a
DEV: Move distance_of_time_in_words/time_ago_in_words (#21745)
It wasn't a patch (just two helper functions that were called directly) and no longer has much to do with "Rails 4"
2023-05-25 14:53:59 +02:00
Jarek Radosz 22a6ae7e32
DEV: Remove `renderTemplate` from the styleguide (#21660)
Adds plugin API:

```js
import fidget from "../components/styleguide/molecules/fidget";

api.addStyleguideSection({
  component: fidget,
  id: "fidget",
  category: "molecules",
  priority: 0,
});
```

Removes notes. You can always add `<p class="styleguide-note">` to section components to annotate them.
2023-05-25 11:22:36 +02:00
Alan Guo Xiang Tan e8b138e24f
DEV: Minor improvements to SidebarSectionsController spec (#21734)
1. '#reorder' specs where serializing objects when it is not needed.

2. Add tests for anon user to `#reorder` specs
2023-05-25 10:08:10 +08:00
Alan Guo Xiang Tan 5cfe323445
PERF: Strict loading for SidebarSection queries (#21717)
What is this change required?

I noticed that actions in `SidebarSectionsController` resulted in
lots of N+1 queries problem and I wanted a solution to
prevent such problems without having to write N+1 queries tests. I have
also used strict loading for `SidebarSection` queries in performance
sensitive spots.

Note that in this commit, I have also set `config.active_record.action_on_strict_loading_violation = :log`
for the production environment so that we have more visibility of
potential N+1 queries problem in the logs. In development and test
environment, we're sticking with the default of raising an error.
2023-05-25 09:10:32 +08:00
Alan Guo Xiang Tan 916495e0a1
DEV: Avoid leaking new site setting states in test environment (#21713)
What is the problem?

In the test environement, we were calling `SiteSetting.setting` directly
to introduce new site settings. However, this leads to changes in state of the SiteSettings
hash that is stored in memory as test runs. Changing or leaking states
when running tests is one of the major contributors of test flakiness.

An example of how this resulted in test flakiness is our `spec/integrity/i18n_spec.rb` spec file which
had a test case that would fail because a new "plugin_setting" site
setting was registered in another test case but the site setting did not
have translations for the site setting set.

What is the fix?

There are a couple of changes being introduced in this commit:

1. Make `SiteSetting.setting` a private method as it is not safe to be
   exposed as a public method of the `SiteSetting` class

2. Change test cases to use existing site settings in Discourse instead
   of creating custom site settings. Existing site settings are not
   removed often so we don't really need to dynamically add new site
   settings in test cases. Even if the site settings being used in test
   cases are removed, updating the test cases to rely on other site
   settings is a very easy change.

3. Set up a plugin instance in the test environment as a "fixture"
   instead of having each test create its own plugin instance.
2023-05-25 07:53:57 +08:00
Bianca Nenciu 61a0ae3755
FEATURE: Create legal topics for set company name (#21620)
Legal topics, such as the Terms of Service and Privacy Policy topics
do not make sense if the entity creating the community is not a company.
These topics will be created and updated only when the company name is
present and deleted when it is not.
2023-05-24 23:05:36 +03:00
Joffrey JAFFEUX 38d358fb9a
FIX: flakey spec in sidebar with new font size (#21728)
This commit also includes two changes to the rails helper which make tests more consistent on different devices. With this change the failure was reproducible locally and not only on CI:

```
options.add_argument("--force-device-scale-factor=1")
```

The fix itself is quite simple and attempts to find safe click coordinates, the previous solution could fail depending on the size of the sidebar.
2023-05-24 18:59:12 +02:00
Loïc Guitaut 37b71c5903 FIX: Don’t run validations when invalidating invites
This patch is a followup of
https://github.com/discourse/discourse/pull/21504 where limits on custom
message for an invite were introduced.

This had a side effect of making some existing invites invalid and with
the current code, they can’t be invalidated anymore.

This patch takes the approach of skipping the validations when invites
are invalidated since the important thing here is to mark the invite as
invalidated regardless of its actual state in the DB. (no other
attributes are updated at the same time anyway)
2023-05-24 15:51:33 +02:00
Gerhard Schlager 4332f4b833
DEV: Fix flaky `Group` specs (#21722)
Comparing arrays without an explicit order or sort is usually a bad idea and leads to flakiness. It also replaces `#sort` calls in a couple of specs with array specific matchers like `contain_exactly` and `match_array`.

In addition to that it switches the arguments of some expectations around, because it should be `expect(actual).to eq(expected)` instead of `expect(expected).to eq(actual)`
2023-05-24 12:45:22 +02:00
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
Sam b2e3084205
FEATURE: allow searching for oldest topics (#21715)
In some cases reverse chronological can be very important.

- Oldest post by sam
- Oldest topic by sam

Prior to these new filters we had no way of searching for them.

Now the 2 new orders `order:oldest` and `order:oldest_topic` can be used
to find oldest topics and posts

* Update spec/lib/search_spec.rb

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

* Update spec/lib/search_spec.rb

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-05-24 18:26:36 +10:00
Loïc Guitaut 4ea396e67c DEV: Bump the limits on group request text fields
Users submitting requests to join groups were not receiving errors when
the character limit for the request was exceeded. This also affects the
UX when admin-created group request templates are inserted into the
request.

This patch bumps the limits.

- https://meta.discourse.org/t/group-membership-requests-suddenly-limited-to-274-characters/265127
- https://github.com/discourse/discourse/pull/19993
2023-05-24 09:57:46 +02:00
Alan Guo Xiang Tan 505f869b70
DEV: Update I18n to 1.13.0 (#21685) 2023-05-24 08:59:37 +08:00
Krzysztof Kotlarek 2aa5fc927e
FIX: allow published pages to be added to sidebar (#21687)
Custom sidebar sections should accept publish pages with URL `/pub/*`. Similarly to `/my/activity` links.
2023-05-24 08:59:19 +10:00
Blake Erickson b637249169
FIX: Video thumbnails can have duplicates (#21681)
* FIX: Video thumbnails can have duplicates

It's possible that a duplicate video or even a very similar video could
generate the same video thumbnail. Because video thumbnails are mapped
to their corresponding video by using the video sha1 in the thumbnail
filename we need to allow for duplicate thumbnails otherwise even when a
thumbnail has been generated for a topic it will not be mapped
correctly.

This will also allow you to re-upload a video on the same topic to
regenerate the thumbnail.

* fix typo
2023-05-23 09:00:09 -06:00
Faizaan Gagan d1334a7aaf
FIX: consider users.created_at for inactive cleanup (#21688) 2023-05-23 13:41:23 +05:30
Martin Brennan 0b3cf83e3c
FIX: Do not cook icon with hashtags (#21676)
This commit makes some fundamental changes to how hashtag cooking and
icon generation works in the new experimental hashtag autocomplete mode.
Previously we cooked the appropriate SVG icon with the cooked hashtag,
though this has proved inflexible especially for theming purposes.

Instead, we now cook a data-ID attribute with the hashtag and add a new
span as an icon placeholder. This is replaced on the client side with an
icon (or a square span in the case of categories) on the client side via
the decorateCooked API for posts and chat messages.

This client side logic uses the generated hashtag, category, and channel
CSS classes added in a previous commit.

This is missing changes to the sidebar to use the new generated CSS
classes and also colors and the split square for categories in the
hashtag autocomplete menu -- I will tackle this in a separate PR so it
is clearer.
2023-05-23 09:33:55 +02:00
Krzysztof Kotlarek 2af897df61
DEV: specs to ensure that only admin can edit Community section (#21666)
In addition, add lock that even admin can not delete Community section
2023-05-23 10:54:55 +10:00
Krzysztof Kotlarek 75417be528
DEV: edited links are set in specific order (#21665)
Update section endpoint already exists. However, it has to also respect order of links.
2023-05-23 10:00:46 +10:00
Krzysztof Kotlarek 7ead8de232
DEV: endpoint to reset community community-section (#21664)
In upcoming PRs, admins will be able to edit the Community section. We need an endpoint which allows resetting it to the default state.
2023-05-23 09:53:32 +10:00
Faizaan Gagan a58c37bdc5
FIX: allow admin to change topic notification level via API (#21581)
* FIX: allow admin to change topic notification level via API

* default to `current_user` if admin changes own level

* check param existence

* simplify condition

* remove rescue

* Update spec/requests/topics_controller_spec.rb

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

* added specs for other cases

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-05-23 00:47:58 +05:30
Faizaan Gagan efdfddf7fc
FIX: consider users with trashed topics/posts for inactive cleanup (#21678)
* FIX: consider users with trashed topics/posts for inactive cleanup

* defer checking for missing associations
2023-05-23 00:26:24 +05:30
Natalie Tay 07061410d8
FIX: Anonymizing a user clears their user status too (#21673) 2023-05-22 13:18:09 +08:00
Juan David Martínez Cubillos 774313ef0f
FIX: Fix for Default to subcategory when parent category does not allow posting (#21537)
* FIX: Fix for Default to subcategory when parent category does not allow posting

* added tests for edge case scenario

* implemented correct behaviour when parent category doesn't have subcategories

* implemented new fabricator for categories and suggested changes
2023-05-19 07:37:23 -05:00
Jarek Radosz 928d608ce7
DEV: Add a per-spec timeout (#21648) 2023-05-19 12:08:48 +02:00
Régis Hanol db9d998de3
FIX: improve mailman email parsing (#21627)
https://meta.discourse.org/t/improving-mailman-email-parsing/253041

When mirroring a public mailling list which uses mailman, there were some cases where the incoming email was not associated to the proper user.

As it happens, for various (undertermined) reasons, the email from the sender is often not in the `From` header but can be in any of the following headers: `Reply-To`, `CC`, `X-Original-From`, `X-MailFrom`.

It might be in other headers as well, but those were the ones we found the most reliable.
2023-05-19 10:33:48 +02:00
Alan Guo Xiang Tan b183b997fb
UX: Add custom section button should not be shown to anon users (#21651) 2023-05-19 09:31:25 +08:00
Bianca Nenciu 5654aedd75
UX: Remove welcome topic admin tip and tweak copy (#21593)
The welcome topic user tip was for admins only, but in general, user
tips should be used for guiding new users through the features that
Discourse offers. For this reason, we decided to remove the user tip.

This commit also includes a few more copy tweaks to the welcome topic.
2023-05-18 16:38:04 +03:00
Bianca Nenciu f0ec1fad8c
FIX: Update category tag stats with new or deleted (#21531)
The old method updated only existing records, without considering that
new tags might have been created or some tags might not exist anymore.
This was usually not a problem because the stats were also updated by
other code paths.

However, the ensure consistency job should be more solid and help when
other code paths fail or after importing data.

Also, update category tag stats too should happen when updating other
category stats as well.
2023-05-18 12:46:44 +03:00
Martin Brennan 341f87efb7
FIX: Show gif upload size limit error straight away (#21633)
When uploading images via direct to S3 upload, we were
assuming that we could not pre-emptively check the file
size because the client may do preprocessing to reduce
the size, and UploadCreator could also further reduce the
size.

This, however, is not true of gifs, so we would have an
issue where you upload a gif > the max_image_size_kb
setting and had to wait until the upload completed for
this error to show.

Now, instead, when we direct upload gifs to S3, we check
the size straight away and present a file size error to
the user rather than making them wait. This will increase
meme efficiency by approximately 1000%.
2023-05-18 10:36:34 +02:00
David Battersby 1de8361d2e
FIX: Prevent Email Processor errors when mail is blank or nil (#21292)
Currently processing emails that are blank or have a nil value for the mail will cause several errors.

This update allows emails with blank body or missing sender to log the blank email error to the mail logs rather than throwing an error.
2023-05-18 10:39:37 +08:00
Keegan George 082821c754
DEV: Remove legacy user menu (#21308) 2023-05-17 09:16:42 -07:00
Joffrey JAFFEUX 60c67afba4
DEV: various improvements to devex on chat (#21612)
- Improves styleguide support
- Adds toggle color scheme to styleguide
- Adds properties mutators to styleguide
- Attempts to quit a session as soon as done with it in system specs, this should at least free resources faster
- Refactors fabricators to simplify them
- Adds more fabricators (uploads for example)
- Starts implementing components pattern in system specs
- Uses Chat::Message creator to create messages in system specs, this should help to have more real specs as the side effects should now happen
2023-05-17 17:49:52 +02:00
Ted Johansson 445196399d
FIX: Remove obsolete references to lounge category (#21607)
### What is this change?

The lounge category was replaced with the general category in https://github.com/discourse/discourse/pull/18097.

However, there are still a few references to the lounge category in code. In particular, `Category#seeded?` is erroring out in production looking for `SiteSetting.lounge_category_id`.
2023-05-17 16:34:14 +08:00
Alan Guo Xiang Tan 8d58b1c6b8
DEV: Avoid multiple fabrications in spec (#21606) 2023-05-17 14:28:31 +08:00
Alan Guo Xiang Tan 5878535606
FIX: Searching for svg sprite icons connecting to default database (#21605)
What is the problem?

In `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search`, the controller actions
was using the `RailsMultisite::ConnectionManagement.with_hostname` API
but `params[:hostname]` was always `nil` because the routes does not
have a `:hostname` param component and the client does not ever pass the
`:hostname` param when making the request. When `RailsMultisite::ConnectionManagement.with_hostname` is
used with a `nil` argument, it ends up connecting to the default
multisite database. Usually this would be bad because we're allowing a
site in a multisite setup to connect to another site but thankfully no
private data is being leaked here.

What is the fix?

Since `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search` are login required route,
there is no need for us to switch database connections. The fix here is
to simply remove the use of `RailsMultisite::ConnectionManagement.with_hostname`.
2023-05-17 14:25:06 +08:00
Sérgio Saquetim 21ec70b509
FIX: Miscellaneous tagging errors (#21490)
* FIX: Displaying the wrong number of minimum tags in the composer

When the minimum number of tags set for the category is larger than the minimum number of tags
set in the category tag-groups, the composer was displaying the wrong value.

This commit fixes the value displayed in the composer to show the max value between the required
for the category and the tag-groups set for the category.

This bug was reported on Meta in https://meta.discourse.org/t/tags-from-multiple-tag-groups-required-only-suggest-select-at-least-one-tag/263817

* FIX: Limiting tags in categories not working as expected

When a category was restricted to a tag group A, which was set to only allow
one tag from the group per topic, selecting a tag belonging only to A returned
other tags from A that also belonged to other group/s (if any).

Example:

Tag group A: alpha, beta, gamma, epsilon, delta
Tag group B: alpha, beta, gamma

Both tag groups set to only allow one tag from the group per topic.

If Category 1 was set to only allow tags from the tag group A, and the first tag
selected was epsilon, then, because they also belonged to tag group B, the tags
alpha, beta, and gamma were still returned as valid options when they should not be.

This commit ensures that once a tag from a tag group that restricts its tags to
one per topic is selected, no other tag from this group is returned.

This bug was reported on Meta in https://meta.discourse.org/t/limiting-tags-to-categories-not-working-as-expected/263143.

* FIX: Moving topics does not prompt to add required tag for new category

When a topic moved from a category to another, the tag requirements
of the new category were not being checked.

This allowed a topic to be created and moved to a category:

- that limited the tags to a tag group, with the topic containing tags
not allowed.
- that required N tags from a tag group, with the topic not containing
the required tags.

This bug was reported on Meta in https://meta.discourse.org/t/moving-tagged-topics-does-not-prompt-to-add-required-tag-for-new-category/264138.

* FIX: Editing topics with tag groups from parents allows incorrect tagging

When there was a combination between parent tags defined in a tag group
set to allow only one tag from the group per topic, and other tag groups
relying on this restriction to combine the children tag types with the
parent tag, editing a topic could allow the user to insert an invalid
combination of these tags.

Example:

Automakers tag group: landhover, toyota
  - group set to limit one tag from the group per topic

Toyota models group: land-cruiser, hilux, corolla

Landhover models group: evoque, defender, discovery

If a topic was initially set up with the tags toyota, land-cruiser it was
possible to edit it by removing the tag toyota and adding the tag landhover
and other landhover model tags like evoque for example.

In this case, the topic would end up with the tags toyota, land-cruiser,
landhover, evoque because Discourse will automatically insert the
missing parent tag toyota when it detects the tag land-cruiser.

This combination of tags would violate the restriction specified in
the Automakers tag group resulting in an invalid combination of tags.

This commit enforces that the "one tag from the group per topic"
restriction is verified before updating the topic tags and also
make sure the verification checks the compatibility of parent tags that
would be automatically inserted.

After the changes, the user will receive an error similar to:
The tags land-cruiser, landhover cannot be used simultaneously.
Please include only one of them.
2023-05-15 17:19:41 -03:00
Bianca Nenciu 78022e7a5f
FEATURE: Show user cards for inactive users (#21387)
It used to return 404 which made the user card render and then quickly disappear.
2023-05-15 21:45:26 +03:00
Richard 2b7c677a8c Fix tests 2023-05-15 16:45:33 +02:00
Bianca Nenciu 9a2780397f
FIX: Handle all UTF-8 characters (#21344)
Watched words were converted to regular expressions containing \W, which
handled only ASCII characters. Using [^[:word]] instead ensures that
UTF-8 characters are also handled correctly.
2023-05-15 12:45:04 +03:00
Loïc Guitaut d63ce56252 DEV: Set limit for Invite#custom_message 2023-05-15 09:55:28 +02:00
Loïc Guitaut b81c13280a DEV: Set limits for text fields on BadgeGrouping 2023-05-15 09:54:54 +02:00
Loïc Guitaut 9f283eb836
DEV: Set a limit for ApiKey#description (#21502) 2023-05-15 14:12:25 +10:00
Alan Guo Xiang Tan 366c676156
DEV: Remove flaky test from TopcisFilter (#21543)
TopicsFilter is meant to generate a query scope from a given string so
we don't really need to ensure any ordering outside of the supported
order filters.
2023-05-15 11:18:58 +08:00
Jarek Radosz eec10efc3d
DEV: Enable color CI output and tweak formatting (#21527)
* Color for turbo_rspec in CI (`progress` and `documentation` formats)
* Show "DONE" only when `documentation` formatter is used
* Fix formatting
* Collapse RSpec commands
* Add line wrapping to the `progress` formatter (to mitigate GH Actions issue)
2023-05-12 18:22:15 +02:00
Bianca Nenciu b73a9a1faa
UX: Various improvements to welcome topic CTA (#21010)
- Update welcome topic copy
- Edit the welcome topic automatically when the title or description changes
- Remove “Create your Welcome Topic” banner/CTA
- Add "edit welcome topic" user tip
2023-05-12 17:09:40 +03:00
Jarek Radosz fc17045876
DEV: Clean up workflow files (#21526) 2023-05-12 14:00:04 +02:00
Ted Johansson 07f87ff7a8
DEV: Strictly filter tag search limit parameter input (#21524)
### What is the problem?

It is possible to pass an arbitrary value to the limit parameter in `TagsController#search`, and have it flow through `DiscourseTagging.filter_allowed_tags` where it will raise an error deep in the database driver. MiniSql ensures there's no injection happening, but that ultimately results in an invalid query.

### How does this fix it?

This change checks more strictly that the parameter can be cleanly converted to an integer by replacing the loose `#to_i` conversion semantics with the stronger `Kernel#Integer` ones.

**Example:**

```ruby
"1; SELECT 1".to_i
#=> 1

Integer("1; SELECT 1")
#=> ArgumentError
```

As part of the change, I also went ahead to disallow a limit of "0", as that doesn't seem to be a useful option. Previously only negative limits were disallowed.
2023-05-12 16:49:14 +08:00
Ted Johansson 59867cc091
DEV: Gracefully handle user avatar download SSRF errors (#21523)
### Background

When SSRF detection fails, the exception bubbles all the way up, causing a log alert. This isn't actionable, and should instead be ignored. The existing `rescue` does already ignore network errors, but fails to account for SSRF exceptions coming from `FinalDestination`.

### What is this change?

This PR does two things.

---

Firstly, it introduces a common root exception class, `FinalDestination::SSRFError` for SSRF errors. This serves two functions: 1) it makes it easier to rescue both errors at once, which is generally what one wants to do and 2) prevents having to dig deep into the class hierarchy for the constant.

This change is fully backwards compatible thanks to how inheritance and exception handling works.

---

Secondly, it rescues this new exception in `UserAvatar.import_url_for_user`, which is causing sporadic errors to be logged in production. After this SSRF errors are handled the same as network errors.
2023-05-12 15:32:02 +08:00
Jarek Radosz f9db5d5ea6
DEV: Stub stderr instead of manual change (#21511)
Fixes "stack too deep" issues in CI
2023-05-11 21:18:55 +02:00
Blake Erickson bd6e487df0
FIX: Allow integer group_ids for create invite api (#21494)
This fixes a bug in the create invite API where if you passed in an
integer for the group_ids field it would fail to add the user to the
specified group.
2023-05-11 11:39:33 -06:00
Ted Johansson b837459e1d
DEV: Add both safe and unsafe Discourse.store.download methods (#21498)
* DEV: Add both safe and unsafe Discourse.store.download methods

* DEV: Update call sites that can use the safe store download method
2023-05-11 17:27:27 +08:00
Juan David Martínez Cubillos 83d2f9ef78
FEATURE: Default to subcategory when parent category does not allow posting (#21228)
added site toggle functionality through site settings

added tests to implemented feature

Introduced suggested correction

renamed find_new_topic method and deleted click_new_topic_button method
2023-05-10 12:34:39 -05:00
Bianca Nenciu d3a5a493fa
DEV: Add configurable? helper to Plugin::Instance (#21472)
This reapplies commit 3073e5cfb0, with
a fix that makes sure that plugins can be looked up both by the name
present in metadata and directory name.
2023-05-10 16:21:48 +03:00
Jan Cernik cbbaeb55b5
FIX: Don't autojoin users when they have ready-only permissions (#20213)
After this change, in order to join a chat channel, a user needs to be in a group with at least “Reply” permission for the category. If the user only has “See” permission, they are able to preview the channel, but not join it or send messages. The auto-join function also follows this new restriction.

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-05-10 08:45:13 -03:00
Joffrey JAFFEUX 3727c95f6f
Revert "DEV: Add configurable? helper to Plugin::Instance (#20767)" (#21469)
This reverts commit 3073e5cfb0.
2023-05-10 12:41:55 +02:00
Bianca Nenciu 3073e5cfb0
DEV: Add configurable? helper to Plugin::Instance (#20767)
This can be used to forcibly disable plugins.
2023-05-10 13:16:37 +03:00
Sam bd32912c5e
FIX: do not allow title stuffing to dominate search (#21464)
We were giving topics with repeated words extra weight in search index.
This meant that it was trivial to stuff words into title to dominate in search
given we search for exact title matches first.

The following tweak means that:

`invite invited invites`
and
`invite some stuff`

Both rank the same for title searching.

Titles are short and punchy, duplicating words should not give special
weight.

Requires a full reindex to take effect.
2023-05-10 11:47:58 +10:00
Blake Erickson 89f721cf67
FIX: Create invite api docs (#21460)
This fixes the api documentation for the create invite api endpoint so
that it uses the `group_ids` param when specifying the group instead of
the incorrect `group_id` param.
2023-05-09 13:20:46 -06:00
Martin Brennan 7a1d60c60e
FIX: Likes received count in digest email (#21458)
This commit fixes an issue where the Likes Received notification
count in the user digest email was not affected by the
since/last_seen date for the user, which meant that no matter
how long it had been since the user visited the count was
always constant.

Now instead for the Likes Received count, we only count the
unread notifications of that type since the user was last
seen.
2023-05-09 19:19:26 +02:00
Loïc Guitaut ae369b1100 FIX: Change the limit on badges description
The current limit (250 characters) is too low, as we have some
translations used for our badge descriptions that result in a
description length of 264 characters.

To be on the safe side, the limit is now set to 500 characters.
2023-05-09 11:41:40 +02:00
Alan Guo Xiang Tan 0c8d3f8542
DEV: Fix `category:` filter only supported alphabets and numbers (#21427)
A category's slug can be encoded when
`SiteSetting.slug_generation_method` has been set to "encoded". As a
result, we have to support non ASCII characters as well.
2023-05-09 08:10:08 +08:00
Alan Guo Xiang Tan 7d0ef338e4
DEV: `tag:` filter on `/filter` only supported alphabets and numbers (#21405)
A tag's name can consist of any Unicode characters as well
2023-05-09 08:02:11 +08:00
Bianca Nenciu 899eb96798
FEATURE: Enable user tips by default (#21341) 2023-05-08 20:33:08 +03:00
Alan Guo Xiang Tan 963bb3406e
DEV: Support excluding categories with the `category:` filter (#21432)
This commit adds support for excluding categories when using the
`category:` filter with the `-` prefix. For example,
`-category:category-slug` will exclude all topics that belong to the
category with slug "category-slug" and all of its sub-categories.

To only exclude a particular category and not all of its sub-categories,
the `-` prefix can be used with the `=` prefix. For example,
`-=category:category-slug` will only exclude topics that belong to the
category with slug "category-slug". Topics in the sub-categories of
"category-slug" will still be included.
2023-05-08 14:04:47 +08:00
Natalie Tay 7aa2ede17f
FIX: Update test limit for email domain (#21429) 2023-05-08 12:19:10 +08:00
Sam 83f1a13374
DEV: stop leaking data into tables during test (#21403)
This amends it so our cached counting reliant specs run in synchronize mode

When running async there are situations where data is left over in the table
after a transactional test. This means that repeat runs of the test suite
fail.
2023-05-06 07:15:33 +10:00
Alan Guo Xiang Tan fe10c61dfa
DEV: Reset capybara sessions and default driver after each test (#21402)
I don't think we're leaking state at the moment but the docs are
recommending that this two methods are called after each run.
2023-05-05 11:37:04 +08:00
Alan Guo Xiang Tan e323628d8a
DEV: Speed up core system tests (#21394)
What is the problem?

We are relying on RSpec custom matchers in system tests by defining
predicates in page objects. The problem is that this can result in a
system test unnecessarily waiting up till the full duration of
Capybara's default wait time when the RSpec custom matcher is used with
`not_to`. Considering this topic page object where we have a `has_post?`
predicate defined.

```
class Topic < PageObject
  def has_post?
    has_css?('something')
  end
end
```

The assertion `expect(Topic.new).not_to have_post` will end up waiting
the full Capybara's default wait time since the RSpec custom matcher is
calling Capybara's `has_css?` method which will wait until the selector
appear. If the selector has already disappeared by the time the
assertion is called, we end up waiting for something that will never
exists.

This commit fixes such cases by introducing new predicates that uses
the `has_no_*` versions of Capybara's node matchers.

For future reference, `to have_css` and `not_to have_css` is safe to sue
because the RSpec matcher defined by Capbyara is smart enough to call
`has_css?` or `has_no_css?` based on the expectation of the assertion.
2023-05-05 07:45:53 +08:00
Blake Erickson 9bd774bccb
SECURITY: Do not overwrite permissions on the General category (#21389)
Before this fix if you had modified the default general category
settings they would be reset back to the default after a deploy.
2023-05-04 14:30:48 -06:00
Bianca Nenciu d6534bdb11
DEV: Fix test (#21283)
Apostrophe-like characters (for example, ’ and ') are transformed to the
ASCII apostrophe (') regardless of search_ignore_accents.
2023-05-04 17:04:26 +03:00
David Taylor 05cd39d4d9
FIX: Do not log 'personal message view' when sending webhook (#21375)
Similar to the issue resolved by 3b55de90e5
2023-05-04 10:15:31 +01:00
Alan Guo Xiang Tan d4e2f764ad
DEV: Fix tags filter with more than 2 tag names in value not working (#21380)
Specifying more than two tag names when using the `tag:` filter was not
working because of a bug in the code where only the first two value in
the `tag:` filter was being selected.
2023-05-04 15:55:31 +08:00
Penar Musaraj d4a2e9a740
UX: Use fixed colors for admin stacked chart reports (#21371)
* UX: Use fixed colors for admin stacked chart reports

* Fix specs
2023-05-04 08:35:19 +02:00
Ted Johansson da6295e3d1
FIX: Allow re-flagging of ninja-edited posts (#21360)
What is the problem?

Consider the following timeline:

1. OP starts a topic.
2. Troll responds snarkily.
3. Flagger flags the post as “inappropriate”.
4. Admin agrees and hides the post.
5. Troll ninja-edits the post within the grace period, but still snarky.
6. Flagger flags the post as inappropriate again.

The current behaviour is that the flagger is met with an error saying the post has been reviewed and can't be flagged again for the same reason.

The desired behaviour is after someone has edited a post, it should be flaggable again.

Why is this happening?

This is related to the ninja-edit feature, where within a set grace period no new revision is created, but a new revision is required to flag the same post for the same reason.

So essentially there is a window between the naughty corner cooldown where a flagged post can't be edited, and the ninja-edit grace period, where an edit can be made without a new revision. Posts that are edited within this window can't be re-flagged by the same user.

|-----------------|-------------------------------|
^ Flag accepted   | ~~~~~~~~~~~~~ 🥷🏻 ~~~~~~~~~~~~ |
                  |                               ^ Editing grace period over
                  ^ Naughty corner cooldown over

How does this fix it?

We already create a new revision when ninja-editing a post with a pending flag. The issue above happens only in the case where the flag is already accepted.

This change extends the existing behaviour so that a new revision is created when ninja-editing any flagged post, regardless of the status of the flag. (Deleted flags excluded.)

This should also help with posterity, avoiding situations where a successfully flagged post looks innocuous in the history because it was ninja-edited, and vice versa.
2023-05-04 10:22:07 +08:00
Krzysztof Kotlarek 709fa24558
DEV: move sidebar community section to database (#21166)
* DEV: move sidebar community section to database

Before, community section was hard-coded. In the future, we are planning to allow admins to edit it. Therefore, it has to be moved to database to `custom_sections` table.

Few steps and simplifications has to be made:
- custom section was hidden behind `enable_custom_sidebar_sections` feature flag. It has to be deleted so all forums, see community section;
- migration to add `section_type` column to sidebar section to show it is a special type;
- migration to add `segment` column to sidebar links to determine if link should be displayed in primary section or in more section;
- simplify more section to have one level only (secondary section links are merged);
- ensure that links like `everything` are correctly tracking state;
- make user an anonymous links position consistence. For example, from now on `faq` link for user and anonymous is visible in more tab;
- delete old community-section template.
2023-05-04 12:14:09 +10:00
Alan Guo Xiang Tan afc1611be7
DEV: Disable SearchIndexer after fabrication (#21378)
SearchIndexer is only automatically disabled in `before_all` and `before` blocks which means at the start
of test runs. Enabling the SearchIndexer in one `fab!` block will affect
all other `fab!` blocks which is not ideal as we may be indexing stuff
for search when we don't need to.
2023-05-04 09:20:52 +08:00
Alan Guo Xiang Tan 9a3257cb33
DEV: Fix system test failure when ran in parallel (#21377)
What is the problem?

The system tests incorrectly assumes that the discobot user which is
seeded by a core plugin will always be present. This is not true as the
discobot user will only be seeded when the test databases are migrated
with plugins enabled. If we migrate test databases without plugins being
enabled, the core system tests should still pass.
2023-05-04 08:24:50 +08:00
Bianca Nenciu cc18a99105
FEATURE: Add new notification for admin problems (#21287)
Add new notification for admin problems to replace old PM-based flow.
2023-05-03 19:35:22 +03:00
Michael Brown 076def505e
FIX: email receiver should ignore x-auto-response-suppress
This header is used by Microsoft Exchange to indicate when certain types of
autoresponses should not be generated for an email.

It triggers our "is this mail autogenerated?" detection, but should not be used
for this purpose.
2023-05-03 12:20:00 -04:00
Loïc Guitaut 783c935dcb DEV: Set limits for text fields in reviewables 2023-05-03 09:54:54 +02:00
Alan Guo Xiang Tan b4cf990a51
DEV: Support both `tag:` as an alias for `tags:` filter for `/filter` (#21353)
We already support `category:` as an alias for `categories` so it makes
sense to support `tag:` as an alias for `tags:`.
2023-05-03 14:51:04 +08:00
Alan Guo Xiang Tan c12e7112bf
DEV: Fix `order:` filter not working on `/filter` route (#21330)
`TopicQuery#latest_results` which was being used by
`TopicQuery#list_filter` defaults to ordering by `Topic#bumped_at` in
descending order and that was taking precedent over the order scopes
being applied by `TopicsFilter`.
2023-05-03 12:40:00 +08:00
Alan Guo Xiang Tan 691b9fb919
DEV: Support comma seperated value in order filter for `/filter` route (#21318)
This allows multiple ordering to be specified by using a comma seperated string.
For example, `order:created,views` would order the topics by
`Topic#created_at` and then `Topic#views.
2023-05-03 12:39:52 +08:00
Alan Guo Xiang Tan 93f7c24240
DEV: Change `created-by` topics query filter to `created-by:@<username>` (#21317)
We want each username to be prefixed with the `@` symbol.
2023-05-03 12:39:11 +08:00
Natalie Tay ccca2dbfe0
FIX: Quoted images should be lightboxed (#21332)
An older change about optimising images caused the selector that adds lightboxing not to apply on quoted images. This fixes that. The selector is now not applicable as optimisation occurs in a separate place.

This change allows quoted images to be opened in a lightbox.
2023-05-02 17:02:19 +08:00
Gerhard Schlager 01dc461cc2
FIX: Disallow invisible Unicode characters in usernames (#21331)
The list of excluded characters is based on https://invisible-characters.com/ and the list of invisible characters used by Visual Studio Code (https://github.com/hediet/vscode-unicode-data)
2023-05-02 17:34:53 +10:00
Sam c63551d227
FEATURE: search_rank_sort_priorities modifier (#21329)
This new modifier can be used by plugins to modify search ordering.

Specifically plugins such as discourse_solved can amend search ordering
so solved topics bump to the top.

Also correct edge case where low and high sort priority categories did not
order correctly when it came to closed/archived
2023-05-02 16:36:36 +10:00
Krzysztof Kotlarek a8e28060d1
FIX: rename notify_about_flags_after to notify_about_reviewable_item_after (#21320)
Change name and description for SiteSetting to make it easier to understand.
2023-05-02 08:08:22 +10:00
Mark VanLandingham 86385bc9cf
REVERT: "FEATURE: Offline indicator controlled by message-bus connectivity (#21324)" (#21327)
This reverts commit b1da670898.
2023-05-01 15:27:02 -05:00
Mark VanLandingham b1da670898
FEATURE: Offline indicator controlled by message-bus connectivity (#21324) 2023-05-01 12:41:30 -05:00
Blake Erickson e2fbf4865a
DEV: Check if video thumbnails site setting is enabled (#21306) 2023-04-28 14:08:20 -06:00
Mark VanLandingham 36d388b57f
Revert "FEATURE: Reimplement offline indicator (#21285)" (#21296)
This reverts commit de1066abcd.
2023-04-28 06:59:10 -05:00
Mark VanLandingham de1066abcd
FEATURE: Reimplement offline indicator (#21285) 2023-04-28 06:32:35 -05:00
Mark VanLandingham 3527fbcd8e
Revert "FEATURE: Service to track message bus connectivity + offline indicator(#21259)" (#21282)
This reverts commit 6bba514b64.
2023-04-27 12:55:41 -05:00
Mark VanLandingham 6bba514b64
FEATURE: Service to track message bus connectivity + offline indicator(#21259) 2023-04-27 11:04:56 -05:00
Loïc Guitaut c4c2da83b4 DEV: Set limits for text fields in badges 2023-04-27 17:22:32 +02:00
Loïc Guitaut a89b3c27aa DEV: set limits for text fields on groups 2023-04-27 13:58:46 +02:00
Sam 2ccc5fc66e
FEATURE: add support for figure and figcaption tags in embeddings (#21276)
Many blog posts use these to illustrate and images were previously omitted

Additionally strip superfluous HTML and BODY tags from embed HTML.

This was incorrectly returned from server.
2023-04-27 19:57:06 +10:00
Alan Guo Xiang Tan 6e5e607072
DEV: Support ordering filters on `/filter` route (#21275)
This commit adds support for the following ordering filters:

1. `order:activity` which orders the topics by `Topic#bumped_at` in descending order
2. `order:activity-asc` which orders the topics by `Topic#bumped_at` in ascending order
3. `order:latest-post` which orders the topics by `Topic#last_posted_at` in descending order
4. `order:latest-post-asc` which orders the topics by `Topic#last_posted_at` in ascending order
5. `order:created` which orders the topics by `Topic#created_at` in descending order
6. `order:created-asc` which orders the topics by `Topic#created_at` in ascending order
7. `order:views` which orders the topics by `Topic#views` in descending order
8. `order:views-asc` which orders the topics by `Topic#views` in ascending order
9. `order:likes` which orders the topics by `Topic#likes` in descending order
10. `order:likes-asc` which orders the topics by `Topic#likes` in ascending order
11. `order:likes-op` which orders the topics by `Post#like_count` of the first post in the topic in descending order
12. `order:likes-op-asc` which orders the topics by `Post#like_count` of the first post in the topic in ascending order
13. `order:posters` which orders the topics by `Topic#participant_count` in descending order
14. `order:posters-asc` which orders the topics by `Topic#participant_count` in ascending order
15. `order:category` which orders the topics by `Category#name` of the topic's category in descending order
16. `order:category-asc` which orders the topics by `Category#name` of the topic's category in ascending order

Multiple order filters can be composed together and the order of ordering is applied based on the position of the filter
in the query string. For example, `order:views order:created` will order the topics by `Topic#views` in descending order
and then order the topics by `Topics#created_at` in descending order.
2023-04-27 15:44:58 +08:00
Alan Guo Xiang Tan 141555136a
DEV: Support filtering by date columns on /filter route (#21233)
This commit adds support for the following date filters:

1. `activity-before:<YYYY-MM-DD>` which filters for topics that have been bumped at or before given date
2. `activity-after:<YYYY-MM-DD>` which filters for topics that have been bumped at or after given date
3. `created-before:<YYYY-MM-DD>` which filters for topics that have been created at or before given date
4. `created-after:<YYYY-MM-DD>` which filters for topics that have been created at or after given date
5. `latest-post-before:<YYYY-MM-DD>` which filters for topics with the
latest post posted at or before given date
6. `latest-post-after:<YYYY-MM-DD>` which filters for topics with the
latest post posted at or after given date

If the filter has an invalid value, i.e string that cannot be converted
into a proper date in the `YYYY-MM-DD` format, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurrence of each filter will be taken into consideration.
2023-04-27 15:43:47 +08:00
Penar Musaraj 3abc542e63
FIX: Include group flair in homepage category topic lists (#21268)
Followup to c03f83bbea.

The `flair_group_id` parameter is now required to show the flair, and this serializer was missing that detail. 

This also fixes a typo in the `include_flair_group_name?` method.
2023-04-27 10:18:16 +08:00
Selase Krakani 37cc056c1b
FIX: Ensure group-filtered group user event webhooks fire (#21254)
Group user event webhooks filtered by group fail silently
because the `group_ids` job arg wasn't being passed into the job.

This change add's `group_ids` to the `EmitWebHookEvent` jobs queued for
`user_added_to_group` and `user_removed_from_group` events.
2023-04-26 22:38:28 +00:00
Joffrey JAFFEUX fcbb753378
DEV: skips flakey spec (#21262) 2023-04-26 19:41:34 +02:00
Bianca Nenciu 024b8b2640
FIX: Show large image placeholder for image onebox (#21237)
Large or broken images are removed from oneboxes, but sometimes images
were removed when they were oneboxed too. The reason is that images can
be oneboxed by the AllowlistedGenericOnebox or ImageOnebox and only
AllowlistedGenericOnebox was handled correctly.
2023-04-26 20:05:22 +03:00
Joffrey JAFFEUX e495a2fc3f
DEV: Enable parallel system specs in GitHub actions CI (#21251)
Also skips/improves few flakey specs
2023-04-26 13:02:19 +02:00
Isaac Janzen 96700d55a4
FIX: Safely return from missing post on `check_dont_feed_the_trolls` (#21238) 2023-04-25 10:08:00 -05:00
Andrei Prigorshnev 0ea5ae86ff
DEV: return user IDs on the user search route (#21206)
We call the `/u/search/users` URL when autocompleting users. It returns 
user's name, username and avatar template, but not user ID.

We need it to return user IDs in order to display user status in certain situations. 
I could add ID to FoundUserWithStatusSerializer, so it will be added only if 
user status is enabled in site settings. But I feel that it's good to always return it, 
it's not a lot of data comparing to what we already return, and it should be useful 
in other scenarios.
2023-04-25 18:25:57 +04:00
Joffrey JAFFEUX bf886662df
UX: improves composer and thread panel (#21210)
This pull request is a full overhaul of the chat-composer and contains various improvements to the thread panel. They have been grouped in the same PR as lots of improvements/fixes to the thread panel needed an improved composer. This is meant as a first step.

### New features included in this PR

- A resizable side panel
- A clear dropzone area for uploads
- A simplified design for image uploads, this is only a first step towards more redesign of this area in the future

### Notable fixes in this PR

- Correct placeholder in thread panel
- Allows to edit the last message of a thread with arrow up
- Correctly focus composer when replying to a message
- The reply indicator is added instantly in the channel when starting a thread
- Prevents a large variety of bug where the composer could bug and prevent sending message or would clear your input while it has content

### Technical notes

To achieve this PR, three important changes have been made:

- `<ChatComposer>` has been fully rewritten and is now a glimmer component
- The chat composer now takes a `ChatMessage` as input which can directly be used in other operations, it simplifies a lot of logic as we are always working a with a `ChatMessage`
- `TextareaInteractor` has been created to wrap the existing `TextareaTextManipulation` mixin, it will make future migrations easier and allow us to have a less polluted `<ChatComposer>`

Note ".chat-live-pane" has been renamed ".chat-channel"

Design for upload dropzone is from @chapoi
2023-04-25 10:23:03 +02:00
Ted Johansson 02625d1edd
DEV: Only allow expanding hidden posts for author and staff (#21052) 2023-04-25 13:37:29 +08:00
Isaac Janzen 366ff0e76b
FIX: Don't display destroy reviewable button on client (#21226)
# Context

https://meta.discourse.org/t/missing-translate-in-review-page/262604

![image](https://user-images.githubusercontent.com/50783505/234089049-72332040-e7d5-4081-824a-b0b36e37187a.png)

An additional button was added as a result of dd495a0e19 which was intended to grant access to deleting reviewable from the API. 

We were being too flexible by only checking if the user was an admin

012aaf0ba3/lib/guardian.rb (L237)

where it should instead by scoped to check if the request was an API call.

# Fix

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R237

# Additions

Added a new guard of `is_api?`

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R657-R660

In `app/models/reviewable.rb` we check if the user has the permissions to the destroy action via the `Guardian`. To do this we were instantiating a new `Guardian` class which then caused us to lose the context of the request. The request is a necessary component in the guard of `is_api?` so we needed to pass the already defined Guardian from the `app/controllers/reviewables_controller.rb` to the `#perform` method to ensure the request is present.
2023-04-24 20:22:37 -05:00
Selase Krakani cdf1589a85
FEATURE: Add support for user badge revocation webhook events (#21204)
Currently, only user badge grants emit webhook events. This change
extends the `user_badge` webhook to emit user badge revocation events.

A new `user_badge_revoked` event has been introduced instead of relying
on the existing `user_badge_removed` event. `user_badge_removed` emitted
just the `badge_id` and `user_id` which aren't helpful for generating a
meaningful webhook payload for revoked(deleted) user badges.

The new event emits  the user badge object.
2023-04-24 20:36:40 +00:00
Jan Cernik c03f83bbea
FIX: Show auto-group flair according to user preferences (#21221) 2023-04-24 16:04:26 -03:00
David Taylor 6cb733d6c7
FIX: Ensure skip-module JS is transpiled correctly (#21224)
This regressed in 7e74dd0afe, and was causing issues with 2fa security keys on the email verification route
2023-04-24 17:39:02 +01:00
David Taylor cd88af8876
FIX: Ensure reviewable counts are updated correctly for new user menu (#21222)
On the client-side, message-bus subscriptions and reviewable count UI is based on the 'redesigned_user_menu_enabled' boolean. We need to use the same logic on the server-side to ensure things work correctly when legacy navigation is used alongside the new user menu.
2023-04-24 16:59:32 +01:00
Mark VanLandingham 012aaf0ba3
PERF: Don't serialize value for theme_fields unnecessarily (#21201)
The value field of ThemeField is only used when viewing a diff in the staff action logs and local theme editing. value is being serialized into the theme index as well, which is not used. It's a huge amount of JSON that we can cut by removing it.

This also breaks up the various theme serializers into separate classes so they autoload properly (or at least restart the server on edit)
2023-04-24 09:30:51 -05:00
Isaac Janzen 599979902e
FIX: Error when trying to bump a topic with no category (#21207)
When revising a post, if the topic that post belonged to did not have a category attached it would error with 

> NoMethodError (undefined method `read_restricted' for nil:NilClass)
2023-04-24 09:28:10 -05:00
David Taylor 26b7f8a63b
DEV: Improve add_to_serializer include_* options (#21220)
- Move the old '`define_include_method`' arg to a `respect_plugin_enabled` kwarg

- Introduce an `include_condition` kwarg which can be passed a lambda with inclusion logic. Lambda will be run via `instance_exec` in the context of the serializer instance

This is backwards compatible - old-style invocations will trigger a deprecation message
2023-04-24 12:17:51 +01:00
Natalie Tay e1bc43aa31
Revert "DEV: Improve `add_to_serializer` `include_*` options (#21073)" (#21219)
This reverts commit 4895e76ef7.
2023-04-24 16:14:52 +08:00
David Taylor 4895e76ef7
DEV: Improve `add_to_serializer` `include_*` options (#21073)
- Move the old '`define_include_method`' arg to a `respect_plugin_enabled` kwarg
- Introduce an `include_condition` kwarg which can be passed a lambda with inclusion logic. Lambda will be run via `instance_exec` in the context of the serializer instance

This is backwards compatible - old-style invocations will trigger a deprecation message

Update chat and poll plugins to new pattern
2023-04-24 15:47:28 +10:00
Canapin f7bc30a37d
DEV: Added a missing parameter to Discourse API Docs (#21085)
---------

Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2023-04-24 15:44:09 +10:00
Blake Erickson 6ae0c42c01
FIX: Do not overwrite existing thumbnails (#21199)
* FIX: Do not overwrite existing thumbnails

When auto generating video thumbnails they should not overwrite any
existing topic thumbnails.

This also addresses an issue with capitalized file extensions like .MOV
that were being excluded.

* Update app/models/post.rb

Remove comment

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-04-21 13:33:33 -06:00
Martin Brennan 30f0afe873
DEV: Fix flaky emoji deny list system spec (#21180)
This was failing quite often with the following error:

```
 1) Emoji deny list when using composer should remove denied emojis from emoji picker
     Failure/Error: find("#{COMPOSER_ID} .emoji-picker")

     Capybara::ElementNotFound:
       Unable to find css "#reply-control .emoji-picker"
```

This was because our `click_toolbar_button` call on the Composer
page object used a number for the position of the toolbar button,
which can be flaky since there are things that hide/show toolbar
buttons or change their position.

Each toolbar button in the composer has a CSS class, so it is
more reliable to use that instead. Also fixed an instance of
calling `has_X?` method directly instead of using the
`have_x` rspec matcher.
2023-04-21 10:55:05 +10:00
Isaac Janzen ce9cccb2fc
FIX: Don't render error for bad-sequence (#21187)
We are seeing issues with the composer not being able to close due to the addition of a error message when rescuing from `Draft::OutOfSequence`. This PR will revert to the original solution implemented prior to https://github.com/discourse/discourse/pull/21148 that just silently rescues from `Draft::OutOfSequence`
2023-04-20 10:26:11 -05:00
Isaac Janzen dd495a0e19
FEATURE: Allow admins to delete reviewables via API (#21174)
This PR adds the ability to destroy reviewables for a passed user via the API. This was not possible before as this action was reserved for reviewables for you created only.

If a user is an admin and calls the `#destroy` action from the API they are able to destroy a reviewable for a passed user. A user can be targeted by passed either their:
- username
- external_id (for SSO) 

to the request.

In the case you attempt to destroy a non-personal reviewable and
- You are not an admin
- You do not access the `#destroy` action via the API

you will raise a `Discourse::InvalidAccess` (403) and will not succeed in destroying the reviewable.
2023-04-20 09:38:41 -05:00
Jarek Radosz 43e0025141
Revert "DEV: Merge package.json files (#21172)" (#21182)
This reverts commit 49a1e1cd0e.

Is causing issues in prod-adjacent environments (Jenkins)
2023-04-20 14:57:40 +02:00
Jarek Radosz 49a1e1cd0e
DEV: Merge package.json files (#21172)
This means: a single yarn.lock and removing one of the package.json files
2023-04-20 12:46:12 +02:00
Ted Johansson e002a24eca
FEATURE: Add new don't feed the trolls feature (#21001)
Responding to negative behaviour tends to solicit more of the same. Common wisdom states: "don't feed the trolls".

This change codifies that advice by introducing a new nudge when hitting the reply button on a flagged post. It will be shown if either the current user, or two other users (configurable via a site setting) have flagged the post.
2023-04-20 15:49:35 +08:00
Martin Brennan 86204fa4f0
FIX: Hashtag subcategory ref incorrect when not highest-ranked type (#21163)
This commit fixes the following scenario:

1. The user is searching for hashtags in chat, where the subcategory
   type is not highest-ranked in priority order.
2. There can, but doesn't have to be, a higher-ranked matching chat
   channel that has the same slug as the subcategory.
3. Since it is not the highest-ranked type, the subcategory, which
   normally has a ref of parent:child, has its ref changed to
   child::category, which does not work

This was happening because whenever a hashtag type was not highest
ranked, if _any_ other hashtag results conflicted slugs, we would
append the ::type suffix. Now, we only append this suffix if a
higher-ranked type conflicts with the hashtag, and we use the current ref
to build the new typed ref to preserve this parent:child format as well,
it's more accurate.
2023-04-20 09:03:55 +10:00
Isaac Janzen a3693fec58
FEATURE: Allow drafts to be deleted via the API (#21148)
This PR adds the ability to destroy drafts for a passed user via the API. This was not possible before as this action was reserved for only your personal drafts.

If a user is an admin and calls the `#destroy` action from the API they are able to destroy a draft for a passed user. A user can be targeted by passed either their:
- username
- external_id (for SSO) 

to the request.

In the case you attempt to destroy a non-personal draft and
- You are not an admin
- You do not access the `#destroy` action via the API

you will raise a `Discourse::InvalidAccess` (403) and will not succeed in destroying the draft.
2023-04-19 14:41:45 -05:00
Blake Erickson 76874b7098
FIX: 500 error when adding restricted category tags (#21147)
This fixes a 500 error that occurs when adding a tag to a category's
restricted tag list if the category's restricted tags already included a
synonym tag.
2023-04-18 11:01:11 -06:00
Ted Johansson f3f30d6865
SECURITY: Encode embed url (#21133)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:29 +08:00
Ted Johansson 437b73e322
SECURITY: Ensure site setting being updated is a configurable site setting (#21131) 2023-04-18 14:32:18 +08:00
Arpit Jalan 8405ae7733
FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110)
* FEATURE: add a setting to allowlist DiscourseConnect return path domains

This commit adds a site setting to allowlist DiscourseConnect return
path domains. The setting needs supports exact domain or wildcard
character (*) to allow for any domain as return path.

* Add more specs to clarify what is allowed in site setting

* Update setting description to explain what is allowed
2023-04-17 22:53:50 +05:30
Loïc Guitaut 430d6308a8 FIX: Render links with subfolders properly in Discobot
Currently, some links aren’t properly built in Discobot when Discourse
is hosted in a subfolder. This is because we’re providing
`Discourse.base_url` to the Rails helpers which contains the base URL
*with* the prefix. But Rails helpers already handle this prefix so the
resulting link gets the prefix twice.

The fix is quite simple: use `Discourse.base_url_no_prefix` instead of
`Discourse.base_url`.
2023-04-17 16:53:00 +02:00
Joffrey JAFFEUX 2535381f44
FIX: ensures tag notification level is changed (#21106)
Following a change in e9f7262813 which prevents the notification level to be returned from the update endpoint, the model couldn't update itself. This commit makes the update manually and adds a test to prevent future regressions.

Note we could also change the backend endpoint, but this should work correctly with minimum risk.
2023-04-17 10:48:41 +02:00
Martin Brennan a299c61d72
DEV: Remove hardcoded user_id in spec (#21111)
Followup to 08ff6eebad,
we can just test this using the original problem in
https://meta.discourse.org/t/-/172572, which is that
SiteSetting.default_categories_normal had duplicate
IDs.
2023-04-17 16:35:22 +10:00
Alan Guo Xiang Tan 1f0207ba06
DEV: Add support for more filters for `/filter` route (#21097)
* DEV: Support `likes-(min:max):<count>` on `/filter` route

This commit adds support for the following filters: 

1. `likes-min` 
2. `likes-max`
3. `views-min`
4. `views-max`
5. `likes-op-min`
6. `likes-op-max`

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurrence of each filter will be taken into consideration.
2023-04-14 10:21:04 +08:00
Alan Guo Xiang Tan 782b26d0eb
DEV: Support `posters-(min|max):<count>` on `/filter` route (#21095)
This commit adds support for the `posters-min:<count>` and
`posters-max:<count>` filters for the topics filtering query language.
`posters-min:1` will filter for topics with at least a one poster while
`posters-max:3` will filter for topics with a maximum of 3 posters.

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurence of each filter will be taken into consideration.
2023-04-14 07:48:38 +08:00
Alan Guo Xiang Tan bc4a9c50f2
DEV: Support `posts-min:<count>` and `posts-max:<count>` on `/filter` (#21090)
This commit adds support for the `posts-min:<count>` and
`posts-max:<count>` filters for the topics filtering query language.
`posts-min:1` will filter for topics with at least a one post while
`posts-max:3` will filter foor topics with a maximum of 3 posts.

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurence of each filter will be taken into consideration.
2023-04-14 06:05:55 +08:00
Martin Brennan bd5c5c4b5f
FEATURE: Reacting to MessageBus in chat thread panel (#21070)
This commit introduces a ChatChannelPaneSubscriptionsManager
and a ChatChannelThreadPaneSubscriptionsManager that inherits
from the first service that handle MessageBus subscriptions
for the main channel and the thread panel respectively.

This necessitated a change to Chat::Publisher to be able to
send MessageBus messages to multiple channels based on whether
a message was an OM for a thread, a thread reply, or a regular
channel message.

An initial change to update the thread indicator with new replies
has been done too, but that will be improved in future as we have
more data to update on the indicators.

Still remaining is to fully move over the handleSentMessage
functionality which includes scrolling and new message indicator
things.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-04-13 14:45:50 +02:00
David Taylor e52f322cb5
UX: Use dominant color while loading onebox images (#21091)
When we "pull hotlinked images" on onebox images, they are added to the uploads table and their dominant color is calculated. This commit adds the data to the HTML so that it can be used by the client in the same way as non-onebox images. It also adds specific handling to the new `discourse-lazy-videos` plugin.
2023-04-13 12:04:46 +01:00
David Battersby 967010e545
FEATURE: Add an emoji deny list site setting (#20929)
This feature will allow sites to define which emoji are not allowed. Emoji in this list should be excluded from the set we show in the core emoji picker used in the composer for posts when emoji are enabled. And they should not be allowed to be chosen to be added to messages or as reactions in chat.

This feature prevents denied emoji from appearing in the following scenarios:
- topic title and page title
- private messages (topic title and body)
- inserting emojis into a chat
- reacting to chat messages
- using the emoji picker (composer, user status etc)
- using search within emoji picker

It also takes into account the various ways that emojis can be accessed, such as:
- emoji autocomplete suggestions
- emoji favourites (auto populates when adding to emoji deny list for example)
- emoji inline translations
- emoji skintones (ie. for certain hand gestures)
2023-04-13 15:38:54 +08:00
David Battersby 7d34ba38a2
FIX: all staff_counters should be pluralized strings (#21048)
Make all staff_counters pluralized strings
2023-04-12 17:13:37 +08:00
David Taylor 121d5c6c6a
UX: Enable new notifications menu by default (#21060)
https://meta.discourse.org/t/260358
2023-04-12 09:45:29 +01:00
Alan Guo Xiang Tan 2eb60c9713
DEV: Switch sidebar section link identifier to data attribute (#21051)
Data attribute is less restrictive than relying on the class attribute
2023-04-12 15:52:10 +08:00
Alan Guo Xiang Tan 3b045a2016
DEV: Minor refactoring and improvements to `TopicsFilter` (#21068) 2023-04-12 14:47:21 +08:00
Loïc Guitaut d151f4ee9d
FIX: Don’t assume post is available in UserEmail job (#21054)
Currently, we’re performing a check when a user is suspended in the
`UserEmail` job and we’re assuming a `post` is always available, which
is not the case. The code indeed breaks when the job is called with the
`account_suspended` type option.

This patch fixes this issue by making the check use the safe navigation
operator, thus making it working when `post` is not provided.
2023-04-12 12:34:22 +10:00
Alan Guo Xiang Tan a1524b84e2
DEV: Support `created-by:<username>` filter on `/filter` route (#21067)
This commit adds support for the `created-by:<username>` query filter
which will return topics created by the specified user. Multiple
usernames can be specified by comma seperating the usernames like so:
`created-by:username1,username2`. This will filter for topics created by
either of the specified users. Multiple `created-by:<username>` can also
be composed together. `created-by:username1 created-by:username2` is
equivalent to `created-by:username1,username2`.
2023-04-12 09:25:06 +08:00
Penar Musaraj 0ab3ba5f0d
SECURITY: strip `xlink:href` from uploaded SVGs (#21057)
This was inadvertently removed in 4c46c7e. In very specific scenarios,
this could be used execute arbitrary JavaScript.

Only affects instances where SVGs are allowed as uploads and CDN is not
configured.
2023-04-11 14:10:44 -04:00
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were use to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
Krzysztof Kotlarek 63a0466548
FIX: improve performance of UserStat.ensure_consistency (#21044)
Optimize `UserStatpost_read_count` calculation.

In addition, tests were updated to fail when code is not evaluated. Creation of PostTiming was updating `post_read_count`. Count it has to be reset to ensure that ensure_consitency correctly calculates result.

Extracting users seen in the last hour to separate Common Table Expression reduces the amount of processed rows.

Before
```
Update on user_stats  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12606.121..12606.127 rows=0 loops=1)
  ->  Hash Join  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12561.814..12603.689 rows=10 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 67
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.014..39.173 rows=75534 loops=1)
        ->  Hash  (cost=267455.80..267455.80 rows=2901 width=48) (actual time=12558.613..12558.617 rows=77 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 39kB
              ->  Subquery Scan on x  (cost=267376.03..267455.80 rows=2901 width=48) (actual time=12168.601..12558.572 rows=77 loops=1)
                    ->  GroupAggregate  (cost=267376.03..267426.79 rows=2901 width=12) (actual time=12168.595..12558.525 rows=77 loops=1)
                          Group Key: pt.user_id
                          ->  Sort  (cost=267376.03..267383.28 rows=2901 width=4) (actual time=12100.490..12352.106 rows=2072830 loops=1)
                                Sort Key: pt.user_id
                                Sort Method: external merge  Disk: 28488kB
                                ->  Nested Loop  (cost=1.28..267209.18 rows=2901 width=4) (actual time=0.040..11528.680 rows=2072830 loops=1)
                                      ->  Nested Loop  (cost=0.86..261390.02 rows=13159 width=8) (actual time=0.030..3492.887 rows=3581648 loops=1)
                                            ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..89.71 rows=28 width=4) (actual time=0.010..0.201 rows=78 loops=1)
                                                  Index Cond: (last_seen_at > '2023-04-11 00:22:49.555537'::timestamp without time zone)
                                            ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..9287.60 rows=4455 width=8) (actual time=0.081..38.542 rows=45919 loops=78)
                                                  Index Cond: (user_id = u.id)
                                      ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=3581648)
                                            Index Cond: (id = pt.topic_id)
                                            Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                            Rows Removed by Filter: 0
Planning Time: 0.692 ms
Execution Time: 12612.587 ms
```
After
```
Update on user_stats  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=677.724..677.729 rows=0 loops=1)
  ->  Hash Join  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=672.536..677.706 rows=1 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 54
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.012..23.977 rows=75534 loops=1)
        ->  Hash  (cost=9438.24..9438.24 rows=2829 width=48) (actual time=647.818..647.822 rows=55 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 37kB
              ->  Subquery Scan on x  (cost=9381.66..9438.24 rows=2829 width=48) (actual time=647.409..647.805 rows=55 loops=1)
                    ->  HashAggregate  (cost=9381.66..9409.95 rows=2829 width=12) (actual time=647.403..647.786 rows=55 loops=1)
                          Group Key: pt.user_id
                          Batches: 1  Memory Usage: 121kB
                          ->  Nested Loop  (cost=1.86..9367.51 rows=2829 width=4) (actual time=0.056..625.245 rows=120022 loops=1)
                                ->  Nested Loop  (cost=1.44..3692.96 rows=12832 width=8) (actual time=0.047..171.754 rows=217440 loops=1)
                                      ->  Nested Loop  (cost=1.00..254.63 rows=25 width=12) (actual time=0.030..1.407 rows=56 loops=1)
                                            Join Filter: (u.id = user_stats_1.user_id)
                                            ->  Nested Loop  (cost=0.71..243.08 rows=25 width=8) (actual time=0.018..1.207 rows=87 loops=1)
                                                  ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..86.71 rows=27 width=4) (actual time=0.009..0.156 rows=87 loops=1)
                                                        Index Cond: (last_seen_at > '2023-04-11 00:47:07.437568'::timestamp without time zone)
                                                  ->  Index Only Scan using user_stats_pkey on user_stats us  (cost=0.29..5.79 rows=1 width=4) (actual time=0.011..0.011 rows=1 loops=87)
                                                        Index Cond: (user_id = u.id)
                                                        Heap Fetches: 87
                                            ->  Index Scan using user_stats_pkey on user_stats user_stats_1  (cost=0.29..0.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=87)
                                                  Index Cond: (user_id = us.user_id)
                                                  Filter: (posts_read_count < 10000)
                                                  Rows Removed by Filter: 0
                                      ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..92.98 rows=4455 width=8) (actual time=0.036..2.492 rows=3883 loops=56)
                                            Index Cond: (user_id = user_stats_1.user_id)
                                ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=217440)
                                      Index Cond: (id = pt.topic_id)
                                      Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                      Rows Removed by Filter: 0
Planning Time: 1.406 ms
Execution Time: 677.817 ms
```
2023-04-11 12:28:08 +10:00
Alan Guo Xiang Tan 2809d7ba8e
DEV: Support `in:<notification level>` filter on `/filter` route (#21038)
This commit adds support for the `in:<topic notification level>` query
filter. As an example, `in:tracking` will filter for topics that the
user is watching. Filtering for multiple topic notification levels can
be done by comma separating the topic notification level keys. For
example, `in:muted,tracking` or `in:muted,tracking,watching`.
Alternatively, the user can also compose multiple filters with `in:muted
in:tracking` which translates to the same behaviour as
`in:muted,tracking`.
2023-04-11 08:48:07 +08:00
Blake Erickson d289b20858
DEV: Add fetching likes info to api docs (#21028)
This commit adds some more detailed information about how to actually
get the number of likes for a post.

Also refactors some requests and responses into json schema files to
clean up the specs a bit.

See https://meta.discourse.org/t/69017/4?u=blake
2023-04-10 09:07:10 -06:00
Sérgio Saquetim f8fb7ee9f3
DEV: Introduced topic_query_create_list_topics modifier (#21016)
Introduced a modifier on topic_query to change list while they're created

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-04-07 13:01:42 -03:00
Vinoth Kannan 7cedb911a7
FEATURE: add category name in articleSection meta tag for schema. (#21004)
https://schema.org/DiscussionForumPosting
2023-04-06 23:30:19 +05:30
Alan Guo Xiang Tan b2a951e4a5
DEV: Support `in:bookmarked` filter for the `/filter` route (#21000)
This filters the topics list to the topics that the current user has bookmarks in.
2023-04-06 12:55:28 +08:00
Alan Guo Xiang Tan ab54a616c1
DEV: Introduce `in:pinned` filter for experimental `/filter` route (#20974)
This commit adds support for the `in:pinned` filter to the topics filtering
query language. When the filter is present, it will filter for topics
where `Topic#pinned_until` is greater than `Topic#pinned_at`.
2023-04-06 10:13:02 +08:00
Alan Guo Xiang Tan 5bec894a8c
PERF: Fix N+1 queries problem when listing topics list (#20971)
This performance regression was introduced in
7c6a8f1c74 where the preloading of tags in
`TopicQuery` was accidentally removed.
2023-04-06 06:58:35 +08:00
Krzysztof Kotlarek e586f6052f
FEATURE: public custom sidebar sections visible to anonymous (#20931)
Previously, public custom sections were only visible to logged-in users. In this PR, we are making them visible to anonymous as well.

The reason is that Community Section will be moved into custom section model to be easily editable by admins.
2023-04-06 08:55:47 +10:00
Mark VanLandingham 65f35e1ef2
FEATURE: SiteSetting for creation of small action on tag change (#20812)
This adds a SiteSetting, which when enabled, creates a small_action post for tag/category changes to the topic. It uses `topic.add_moderator_post, and passes raw text in, to describe the change.
2023-04-05 13:31:31 -05:00
David Taylor df849e51b7
DEV: Add plugin hook for transforming site setting defaults (#20941) 2023-04-05 12:28:16 +01:00
Krzysztof Kotlarek b72282123b
FIX: public sidebar sections belong to system user (#20972)
Before, public sidebar sections were belonging to admin. However, a better choice is system user.
2023-04-05 10:52:18 +10:00